720-891-1663

Alerts, Breach, Hacks, Legal, Security Practices

It Feels Like 1995 All Over Again

Leave a comment

First a little background. One of the main uses of cryptocurrency – not the only use – is to monetize crime. Most ransomware payments are done via cryptocurrency. There are other, legitimate uses, but they are dwarfed by the illegal uses. To the tune of tens of billions of dollars of criminal activity a year.

Early on in the cryptocurrency world (like 10 years ago), the cops did not have the ability to track cryptocurrency and its movement. That was when privacy advocates decided it was a good idea and jumped on the bandwagon. Those folks were not criminals – they just did not want the government poking around in their affairs.

So then came the next step. As the cops and private companies got MUCH better at tracking the movement of cryptocurrency – and many forms of crypto are not private at all – some bright folks came up with an idea. What if we mix whole bunches of cryptocurrency transactions together in a blender and then, when it comes out, divvy it back up. This is completely done with software. There are a lot of products that do this. Some are completely decentralized; others are not. In general this category of software is called mixers or tumblers or blenders. Mix all these transactions together to anonymize them.

One of the biggest is called Tornado Cash and it has attempted to anonymize literally billions of dollars of mostly criminal proceeds.

What the two inventors of Tornado Cash did is document a protocol that is fully decentralized and does not have a company that runs it. It is based on smart contracts and many people have copied the idea. Literally hundreds of them. They do have a centralized front end web site, but that could be duplicated and it is not even required in order to use the system.

The government – several of them – disagree that this is an honest endeavor.

Back in 1995 a guy named Phil Zimmerman created a free encryption program called pretty good privacy or PGP. The government said, at the time, that encryption was like a munition, like a bullet, and as a result they decided to restrict the export of PGP and, in fact, all strong encryption. They used the International Traffic in Arms Regulation (ITAR) to prosecute Phil.

Like what is happening now with crypto mixers, the governments are saying that basic math is a crime. The arrested and prosecuted Zimmerman but he was smarter than the government. He published the entire source code to PGP in a book. Now it is words, available anywhere in the world, and it is protected under the freedom a speech clause of the Constitution. At the time it became incredibly popular. The government lost, but still, 30 years later, they have not given up the battle. Governments around the world are still trying to ban basic math (encryption).

Fast forward to today. The government is doing the same thing, just with crypto mixers. It is a completely losing battle, but that doesn’t mean the government won’t try. The thing about all mixers is that they need a lot of volume in order to work. Lets say you are trying to hide a specific penny. If you put that penny in a bag with a hundred other pennies, you may be able to find it. Put it in a bag (I guess a really large bag) with a million other pennies and the job is not so easy. Same goes with crypto mixers.

So here is where we stand today. A Dutch court found one of the founders of Tornado Cash, Alexey Pertsev guilty of money laundering. They clearly have a point. On the other hand, all he did was create a protocol that bad people are using to launder cash. He, himself, is not laundering cash and is not making any money from the people who are.

The problem Pertsev and his fellow mixers are dealing with is that their invention is being used to launder billions of dollars of criminal proceeds and the government would like to put a stop to that. Examples are $600 million stolen from the game Axie Infinity in March 2022 and $275 million from crypto exchange Kucoin. Both of these heists were pulled off by North Korea. Not exactly our friends.

Going against the founders is email showing that they knew that it was being used for criminal money laundering and they did not stop it. They thought they were safe. They did not learn from history.

In 2022 the US Treasury sanctioned Tornado Cash, claiming that the system that they invented laundered more than $7 billion. Not that THEY laundered it but rather that the algorithm they invented and other people implemented laundered those billions.

The Dutch court sentenced Pertsev to five years and seven months. Roman Storm and Roman Semenov were indicted in the U.S. and will go on trial here soon.

But, this is like 1995. People who ignore history are doomed to repeat it.

This is like Phil Zimmerman all over again. This is an algorithm. Software. Smart contracts. If you throw these guys in jail, there are already hundreds of these mixers on the Internet. What Tornado Cash did was get too big for the government to ignore. As I said above, small mixers don’t work because you don’t have enough “pennies” to hide the bad pennies.

But other countries – Russia, China, North Korea, Iran – already run mixers and the coins that were being laundered though Tornado Cash will just go elsewhere.

These kids just thought they were smarter than the law. Apparently not.

This does not mean that anonymous digital cash is going away. In fact, there are over 2,500 different kinds of cryptocurrency already with more being created every day. There is a cat and mouse game going on between the two camps and it is a war.

This is a real problem for law enforcement. They want to lock up criminals. Crooks would prefer not to be locked up. You can see this represents a problem.

What would be helpful would be if people would improve their own security, disaster recovery and business continuity practices so that they did not feel the need to pay tens of millions of dollars in ransom (one recent example is ChangeHealth. They paid $22 million in ransom, possibly twice). If they improved their security maybe hackers would not be able to steal millions of dollars from people either. If people stopped paying the ransoms the crooks would need to find a different business model.

I don’t see that changing any time soon. Unfortunately.

All that will happen is that the mixer industry will go underground making it harder to find people to arrest and prosecute.

As for the feds. They are playing a losing game of Whack-A-Mole. Sorry.

If this causes you to rethink your security practices, please contact us. We are here to help with that.

Credit: The Record

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy